[Infrastructures] Sarbanes-Oxley

Steve Traugott stevegt@TerraLuna.Org
Thu, 10 Mar 2005 15:07:28 -0800 

--oC1+HKm2/end4ao3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

(Following up on myself because this really belongs in its own thread...)

On Thu, Mar 10, 2005 at 02:50:52PM -0800, stevegt wrote:
> My own thoughts include an opinion that Sarbanes-Oxley sections 404 and
> 802 are likely to make NFS even less appealing by comparison.

If you're at a public company, or one that hopes to IPO, and you haven't
been hit with SOX yet, then consider yourself lucky but fated.  From a
sysadmin perspective, 802 specifies data protection and retention
requirements as well as criminal penalties for failing to meet them,
while 404 ties user authentication, authorization, and document workflow
to the annual report, SEC regs, and more criminal penalties.  Since this
is all new and subject to interpretation by auditors and case law as it
evolves, there's no telling whether this is the next Y2K-like IT
upheaval, or not. =20

These penalties are aimed more at the executive suite than the
line-level; sysadmins are going to start seeing upper managers and
finance folks *care* about these things.  As a result, we're going to
start getting deluged with vendorware pushed down from on high
(Sharepoint, anyone?), peddled by consultants claiming to "solve" the
problem while making your life harder.  It's in the sysadmin's best
interests to get ahead of that.  Now would be a good time to go ahead
and launch Kerberos and OpenAFS pilots, Zope for document workflow, and
so on.  You're going to be doing these things anyway -- whose code would
you rather use?
                                                                           =
    =20
Steve
--=20
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@TerraLuna.Org=20
http://www.stevegt.com -- http://Infrastructures.Org

--oC1+HKm2/end4ao3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCMNMw8rKIxO1Fc9MRAuoGAJ4xWOYuIxBfNQHt9B1F1Pw/IsUn3QCeJnhY
27ZYfzGOx6NzMml55v4HUWE=
=vt71
-----END PGP SIGNATURE-----

--oC1+HKm2/end4ao3--